Posted to jetspeed-dev@portals.apache.org by Brian Pedersen <ba...@yahoo.dk> on 2002/02/21 22:36:59 UTC

Users and Groups

Hi

I have just installed Apache Jetspeed 1.3a2 under Tomcat 4.0.2.
It seems like a really cool framework, with lots of improvements since the last
version I've seen.

I have two major problems though:

1) I can't associate Users with Groups from the security pane, when logged in as
'admin' ?

2) I can't seem to figure out how to obtain information through the runData
interface about the current user's Security Roles.

I have tried obtaining user-information by casting the 'runData' parameter from
the 'getContent(RunData runData)' method in my portlet into
'org.apache.jetspeed.services.rundata.JetspeedRunData' and calling
'.getProfile().getXXX()' on it, but this gives the strangest results like
'.getLanguage()' returning the String : 'Anonymous' and '.getName()' returning
the String : 'default.psml' ?

Also, it seems denying a user the permission to minimize, has no effect at all,
he can still minimize the portlets ? 

I have read the 'Portlet Howto', but it is only half finished and has lots of
black holes.

I hope you can help me.
It is essential to my project to be able to associate Users with Groups, and
check their associated Security Roles/Groups from within my code.

Regards
Brian Pedersen


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: Users and Groups

Posted by Santiago Gala <sg...@hisitech.com>.
David Sean Taylor wrote:

>Hi Brian,
>
>>-----Original Message-----
>>From: Brian Pedersen [mailto:basetarget@yahoo.dk] 
>>Sent: Thursday, February 21, 2002 1:37 PM
>>To: jetspeed-dev@jakarta.apache.org
>>Subject: Users and Groups
>>
>>
>>Hi
>>
>>I have just installed Apache Jetspeed 1.3a2 under Tomcat 
>>4.0.2. It seems like a really cool framework, with lots of 
>>improvements since the last version I've seen.
>>
>>I have two major problems though:
>>
>>1) I can't associate Users with Groups from the security pane,
>>when logged in as 'admin' ?
>>
>
>Yes. That feature didn't make it into 1.3a2 (it's still not in CVS).
>Groups are associated with users through roles.
>
>See
>http://jakarta.apache.org/turbine/turbine-2/howto/security-howto.html
>For more info on the security model.
>
>>2) I can't seem to figure out how to obtain information
>>through the runData interface about the current user's Security Roles.
>>
>
>Turbine has security check helpers:
>
>http://www.bluesunrise.com/jetspeed-docs/turbine-2001-1124-javadocs/org/apache/turbine/util/SecurityCheck.html
>
>As does Jetspeed
>
>http://www.bluesunrise.com/jetspeed-docs/javadocs/org/apache/jetspeed/services/JetspeedSecurity.html
>
>You can obtain the acls from rundata
>http://www.bluesunrise.com/jetspeed-docs/turbine-2001-1124-javadocs/org/apache/turbine/util/RunData.html#getACL()
>
>You can always cast RunData to JetspeedRunData
>
>http://www.bluesunrise.com/jetspeed-docs/javadocs/org/apache/jetspeed/services/rundata/JetspeedRunData.html
>
>Recommend using JetspeedSecurity for security checks with Jetspeed. 
>
Standard security checks will be enforced without any user code, so that 
we don't depend on user implementation.

The idea is that the JetspeedSecurity API will be handled by the internals
of Jetspeed, and you will just write in the PSML things like <security
role="accountant"> and define your security requirements there.

For this to be flexible enough, I'm writing a proposal on the needed
changes.

You will still be able to do your own checks, using JetspeedSecurity.

I have been working on this in the last weeks. I had to slow down for a
while, but I'm coming back to it.


>
>>I have tried obtaining user-information by casting the 
>>'runData' parameter from the 'getContent(RunData runData)' 
>>method in my portlet into 
>>'org.apache.jetspeed.services.rundata.JetspeedRunData' and 
>>calling '.getProfile().getXXX()' on it, but this gives the 
>>strangest results like '.getLanguage()' returning the String 
>>: 'Anonymous' and '.getName()' returning the String : 'default.psml' ?
>>
>
>Well - getLanguage should not return 'Anonymous' - are you sure you
>didn't call getUser()
>Could you verify that?
>
>getName() returning 'default.psml' is correct. That is the name of the
>profile.
>
>
>>Also, it seems denying a user the permission to minimize, has 
>>no effect at all, he can still minimize the portlets ? 
>>
>
>Just discussed this one last night on this list. 
>Working on a patch.
>
>>I have read the 'Portlet Howto', but it is only half finished 
>>and has lots of black holes.
>>
>
>Cheers :)
>Any suggestions or contributions are very welcome.
>
>>I hope you can help me.
>>It is essential to my project to be able to associate Users 
>>with Groups, and check their associated Security Roles/Groups 
>>from within my code.
>>
>
>It should all be there (except for the UI to define groups/roles/users)
>
>Look into JetspeedSecurityService which extends TurbineSecurity.
>The idea for the checkPermission calls in Jetspeed was to extend
>TurbineSecurity checks to include checks for resources (portlets,
>controls, controllers, psml)
>
>Get familiar with how Turbine's object model works.
>Here's the DDL (from mySQL):
>
>--------------------------------------------------------------------------
>-- TURBINE_PERMISSION
>--------------------------------------------------------------------------
>drop table if exists TURBINE_PERMISSION;
>
>CREATE TABLE TURBINE_PERMISSION
>(
>    PERMISSION_ID INTEGER NOT NULL AUTO_INCREMENT,
>    PERMISSION_NAME VARCHAR (99) NOT NULL,
>    OBJECTDATA MEDIUMBLOB,
>    PRIMARY KEY(PERMISSION_ID),
>    UNIQUE (PERMISSION_NAME)
>);
>
>    
>--------------------------------------------------------------------------
>-- TURBINE_ROLE
>--------------------------------------------------------------------------
>drop table if exists TURBINE_ROLE;
>
>CREATE TABLE TURBINE_ROLE
>(
>    ROLE_ID INTEGER NOT NULL AUTO_INCREMENT,
>    ROLE_NAME VARCHAR (99) NOT NULL,
>    OBJECTDATA MEDIUMBLOB,
>    PRIMARY KEY(ROLE_ID),
>    UNIQUE (ROLE_NAME)
>);
>
>    
>--------------------------------------------------------------------------
>-- TURBINE_GROUP
>--------------------------------------------------------------------------
>drop table if exists TURBINE_GROUP;
>
>CREATE TABLE TURBINE_GROUP
>(
>    GROUP_ID INTEGER NOT NULL AUTO_INCREMENT,
>    GROUP_NAME VARCHAR (99) NOT NULL,
>    OBJECTDATA MEDIUMBLOB,
>    PRIMARY KEY(GROUP_ID),
>    UNIQUE (GROUP_NAME)
>);
>
>    
>--------------------------------------------------------------------------
>-- TURBINE_ROLE_PERMISSION
>--------------------------------------------------------------------------
>drop table if exists TURBINE_ROLE_PERMISSION;
>
>CREATE TABLE TURBINE_ROLE_PERMISSION
>(
>    ROLE_ID INTEGER NOT NULL,
>    PERMISSION_ID INTEGER NOT NULL,
>    PRIMARY KEY(ROLE_ID,PERMISSION_ID),
>    FOREIGN KEY (ROLE_ID) REFERENCES TURBINE_ROLE (ROLE_ID),
>    FOREIGN KEY (PERMISSION_ID) REFERENCES TURBINE_PERMISSION (PERMISSION_ID)
>);
>
>    
>--------------------------------------------------------------------------
>-- TURBINE_USER
>--------------------------------------------------------------------------
>drop table if exists TURBINE_USER;
>
>CREATE TABLE TURBINE_USER
>(
>    USER_ID INTEGER NOT NULL AUTO_INCREMENT,
>    LOGIN_NAME VARCHAR (32) NOT NULL,
>    PASSWORD_VALUE VARCHAR (32) NOT NULL,
>    FIRST_NAME VARCHAR (99) NOT NULL,
>    LAST_NAME VARCHAR (99) NOT NULL,
>    EMAIL VARCHAR (99),
>    CONFIRM_VALUE VARCHAR (99),
>    MODIFIED TIMESTAMP,
>    CREATED TIMESTAMP,
>    LAST_LOGIN TIMESTAMP,
>    OBJECTDATA MEDIUMBLOB,
>    PRIMARY KEY(USER_ID),
>    UNIQUE (LOGIN_NAME)
>);
>
>    
>--------------------------------------------------------------------------
>-- TURBINE_USER_GROUP_ROLE
>--------------------------------------------------------------------------
>drop table if exists TURBINE_USER_GROUP_ROLE;
>
>CREATE TABLE TURBINE_USER_GROUP_ROLE
>(
>    USER_ID INTEGER NOT NULL,
>    GROUP_ID INTEGER NOT NULL,
>    ROLE_ID INTEGER NOT NULL,
>    PRIMARY KEY(USER_ID,GROUP_ID,ROLE_ID),
>    FOREIGN KEY (USER_ID) REFERENCES TURBINE_USER (USER_ID),
>    FOREIGN KEY (GROUP_ID) REFERENCES TURBINE_GROUP (GROUP_ID),
>    FOREIGN KEY (ROLE_ID) REFERENCES TURBINE_ROLE (ROLE_ID)
>);
>
>
>


RE: Users and Groups

Posted by David Sean Taylor <da...@bluesunrise.com>.
Hi Brian,

> -----Original Message-----
> From: Brian Pedersen [mailto:basetarget@yahoo.dk] 
> Sent: Thursday, February 21, 2002 1:37 PM
> To: jetspeed-dev@jakarta.apache.org
> Subject: Users and Groups
> 
> 
> Hi
> 
> I have just installed Apache Jetspeed 1.3a2 under Tomcat 
> 4.0.2. It seems like a really cool framework, with lots of 
> improvements since the last version I've seen.
> 
> I have two major problems though:
> 
> 1) I can't associate Users with Groups from the security pane,
> when logged in as 'admin' ?

Yes. That feature didn't make it into 1.3a2 (it's still not in CVS).
Groups are associated with users through roles.

See
http://jakarta.apache.org/turbine/turbine-2/howto/security-howto.html
For more info on the security model.

> 
> 2) I can't seem to figure out how to obtain information
> through the runData interface about the current user's Security Roles.

Turbine has security check helpers:

http://www.bluesunrise.com/jetspeed-docs/turbine-2001-1124-javadocs/org/apache/turbine/util/SecurityCheck.html

As does Jetspeed

http://www.bluesunrise.com/jetspeed-docs/javadocs/org/apache/jetspeed/services/JetspeedSecurity.html

You can obtain the acls from rundata
http://www.bluesunrise.com/jetspeed-docs/turbine-2001-1124-javadocs/org/apache/turbine/util/RunData.html#getACL()

You can always cast RunData to JetspeedRunData

http://www.bluesunrise.com/jetspeed-docs/javadocs/org/apache/jetspeed/services/rundata/JetspeedRunData.html

Recommend using JetspeedSecurity for security checks with Jetspeed. 


> 
> I have tried obtaining user-information by casting the 
> 'runData' parameter from the 'getContent(RunData runData)' 
> method in my portlet into 
> 'org.apache.jetspeed.services.rundata.JetspeedRunData' and 
> calling '.getProfile().getXXX()' on it, but this gives the 
> strangest results like '.getLanguage()' returning the String 
> : 'Anonymous' and '.getName()' returning the String : 'default.psml' ?
> 

Well - getLanguage should not return 'Anonymous' - are you sure you
didn't call getUser()
Could you verify that?

getName() returning 'default.psml' is correct. That is the name of the
profile.


> Also, it seems denying a user the permission to minimize, has 
> no effect at all, he can still minimize the portlets ? 
> 

Just discussed this one last night on this list. 
Working on a patch.

> I have read the 'Portlet Howto', but it is only half finished 
> and has lots of black holes.
> 

Cheers :)
Any suggestions or contributions are very welcome.

> I hope you can help me.
> It is essential to my project to be able to associate Users 
> with Groups, and check their associated Security Roles/Groups 
> from within my code.

It should all be there (except for the UI to define groups/roles/users)

Look into JetspeedSecurityService which extends TurbineSecurity.
The idea for the checkPermission calls in Jetspeed was to extend
TurbineSecurity checks to include checks for resources (portlets,
controls, controllers, psml)

Get familiar with how Turbine's object model works.
Here's the DDL (from mySQL):

--------------------------------------------------------------------------
-- TURBINE_PERMISSION
--------------------------------------------------------------------------
drop table if exists TURBINE_PERMISSION;

CREATE TABLE TURBINE_PERMISSION
(
    PERMISSION_ID INTEGER NOT NULL AUTO_INCREMENT,
    PERMISSION_NAME VARCHAR (99) NOT NULL,
    OBJECTDATA MEDIUMBLOB,
    PRIMARY KEY(PERMISSION_ID),
    UNIQUE (PERMISSION_NAME)
);

    
--------------------------------------------------------------------------
-- TURBINE_ROLE
--------------------------------------------------------------------------
drop table if exists TURBINE_ROLE;

CREATE TABLE TURBINE_ROLE
(
    ROLE_ID INTEGER NOT NULL AUTO_INCREMENT,
    ROLE_NAME VARCHAR (99) NOT NULL,
    OBJECTDATA MEDIUMBLOB,
    PRIMARY KEY(ROLE_ID),
    UNIQUE (ROLE_NAME)
);

    
--------------------------------------------------------------------------
-- TURBINE_GROUP
--------------------------------------------------------------------------
drop table if exists TURBINE_GROUP;

CREATE TABLE TURBINE_GROUP
(
    GROUP_ID INTEGER NOT NULL AUTO_INCREMENT,
    GROUP_NAME VARCHAR (99) NOT NULL,
    OBJECTDATA MEDIUMBLOB,
    PRIMARY KEY(GROUP_ID),
    UNIQUE (GROUP_NAME)
);

    
--------------------------------------------------------------------------
-- TURBINE_ROLE_PERMISSION
--------------------------------------------------------------------------
drop table if exists TURBINE_ROLE_PERMISSION;

CREATE TABLE TURBINE_ROLE_PERMISSION
(
    ROLE_ID INTEGER NOT NULL,
    PERMISSION_ID INTEGER NOT NULL,
    PRIMARY KEY(ROLE_ID,PERMISSION_ID),
    FOREIGN KEY (ROLE_ID) REFERENCES TURBINE_ROLE (ROLE_ID),
    FOREIGN KEY (PERMISSION_ID) REFERENCES TURBINE_PERMISSION (PERMISSION_ID)
);

    
--------------------------------------------------------------------------
-- TURBINE_USER
--------------------------------------------------------------------------
drop table if exists TURBINE_USER;

CREATE TABLE TURBINE_USER
(
    USER_ID INTEGER NOT NULL AUTO_INCREMENT,
    LOGIN_NAME VARCHAR (32) NOT NULL,
    PASSWORD_VALUE VARCHAR (32) NOT NULL,
    FIRST_NAME VARCHAR (99) NOT NULL,
    LAST_NAME VARCHAR (99) NOT NULL,
    EMAIL VARCHAR (99),
    CONFIRM_VALUE VARCHAR (99),
    MODIFIED TIMESTAMP,
    CREATED TIMESTAMP,
    LAST_LOGIN TIMESTAMP,
    OBJECTDATA MEDIUMBLOB,
    PRIMARY KEY(USER_ID),
    UNIQUE (LOGIN_NAME)
);

    
--------------------------------------------------------------------------
-- TURBINE_USER_GROUP_ROLE
--------------------------------------------------------------------------
drop table if exists TURBINE_USER_GROUP_ROLE;

CREATE TABLE TURBINE_USER_GROUP_ROLE
(
    USER_ID INTEGER NOT NULL,
    GROUP_ID INTEGER NOT NULL,
    ROLE_ID INTEGER NOT NULL,
    PRIMARY KEY(USER_ID,GROUP_ID,ROLE_ID),
    FOREIGN KEY (USER_ID) REFERENCES TURBINE_USER (USER_ID),
    FOREIGN KEY (GROUP_ID) REFERENCES TURBINE_GROUP (GROUP_ID),
    FOREIGN KEY (ROLE_ID) REFERENCES TURBINE_ROLE (ROLE_ID)
);



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
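
Added example (not part of the original thread and not Jetspeed or Turbine code): MySQL queries over the DDL above that follow the user -> group -> role -> permission path, showing that a role, and so its permissions, is granted per group. It assumes the ROLE_ID foreign key in TURBINE_USER_GROUP_ROLE points at TURBINE_ROLE; all row values ('brian', 'accounting', 'accountant', 'view_ledger' and so on) are constructed sample data.

```sql
-- Added example: constructed sample rows for the tables in the DDL above.
-- All names and the PLACEHOLDER password value are illustrative only.
INSERT INTO TURBINE_USER (USER_ID, LOGIN_NAME, PASSWORD_VALUE, FIRST_NAME, LAST_NAME)
VALUES (1, 'brian', 'PLACEHOLDER', 'Brian', 'Example'),
       (2, 'guest', 'PLACEHOLDER', 'Guest', 'Example');
INSERT INTO TURBINE_GROUP (GROUP_ID, GROUP_NAME)
VALUES (1, 'accounting'), (2, 'sales');
INSERT INTO TURBINE_ROLE (ROLE_ID, ROLE_NAME)
VALUES (1, 'accountant'), (2, 'viewer');
INSERT INTO TURBINE_PERMISSION (PERMISSION_ID, PERMISSION_NAME)
VALUES (1, 'view_ledger'), (2, 'edit_ledger');
INSERT INTO TURBINE_ROLE_PERMISSION (ROLE_ID, PERMISSION_ID)
VALUES (1, 1), (1, 2), (2, 1);

-- A user is tied to a group only through a role: one row per (user, group, role).
INSERT INTO TURBINE_USER_GROUP_ROLE (USER_ID, GROUP_ID, ROLE_ID)
VALUES (1, 1, 1),   -- brian is 'accountant' in 'accounting'
       (1, 2, 2),   -- brian is only 'viewer' in 'sales'
       (2, 2, 2);   -- guest is 'viewer' in 'sales'

-- Effective permissions of every user, listed per group.
SELECT u.LOGIN_NAME, g.GROUP_NAME, r.ROLE_NAME, p.PERMISSION_NAME
FROM TURBINE_USER u
JOIN TURBINE_USER_GROUP_ROLE ugr ON ugr.USER_ID = u.USER_ID
JOIN TURBINE_GROUP g             ON g.GROUP_ID = ugr.GROUP_ID
JOIN TURBINE_ROLE r              ON r.ROLE_ID = ugr.ROLE_ID
JOIN TURBINE_ROLE_PERMISSION rp  ON rp.ROLE_ID = r.ROLE_ID
JOIN TURBINE_PERMISSION p        ON p.PERMISSION_ID = rp.PERMISSION_ID
ORDER BY u.LOGIN_NAME, g.GROUP_NAME, p.PERMISSION_NAME;

-- Group-scoped check: brian holds 'edit_ledger' through 'accountant' in
-- 'accounting' only, so the same question asked for 'sales' must not match.
SELECT COUNT(*) > 0 AS ALLOWED
FROM TURBINE_USER u
JOIN TURBINE_USER_GROUP_ROLE ugr ON ugr.USER_ID = u.USER_ID
JOIN TURBINE_GROUP g             ON g.GROUP_ID = ugr.GROUP_ID
JOIN TURBINE_ROLE_PERMISSION rp  ON rp.ROLE_ID = ugr.ROLE_ID
JOIN TURBINE_PERMISSION p        ON p.PERMISSION_ID = rp.PERMISSION_ID
WHERE u.LOGIN_NAME = 'brian'
  AND g.GROUP_NAME = 'sales'
  AND p.PERMISSION_NAME = 'edit_ledger';
```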